Evilham
fefe90e9c9
__pf_apply the way it exists on cdist is not really useful and __pf_ruleset does not take advantage of other types as it should, being instead overly complex and not as reliable. The new __pf_ruleset is compatible with the previous one, and __pf_apply_anchors allows for a simple and powerful way of managing pf anchors. The functionality previously provided by __pf_apply is still possible out of the box in __pf_ruleset. These patches were mostly contributed by Kamila Součková and made fit for upstreaming by Evilham.
59 lines
1.3 KiB
ReStructuredText
cdist-type__pf_ruleset(7)
=========================

NAME
----
cdist-type__pf_ruleset - Copy a pf(4) ruleset to $__target_host


DESCRIPTION
-----------
This type is used on \*BSD systems to manage the pf firewall's ruleset.

It will also enable and disable the pf firewall as requested in the `state`
parameter.


REQUIRED PARAMETERS
-------------------
state
   Either "absent" (no ruleset at all) or "present", defaults to "present".


OPTIONAL PARAMETERS
-------------------
source
   Required when state is "present".
   Defines the ruleset to load onto the $__target_host for `pf(4)`.


EXAMPLES
--------

.. code-block:: sh

    # Remove the current ruleset in place and disable pf
    __pf_ruleset --state absent

    # Enable pf with the ruleset defined in $__manifest/files/pf.conf
    __pf_ruleset --state present --source $__manifest/files/pf.conf


SEE ALSO
--------
:strong:`pf`\ (4)


AUTHORS
-------
Kamila Součková <coding--@--kamila.is>
Jake Guffey <jake.guffey--@--eprotex.com>


COPYING
-------
Copyright \(C) 2016 Kamila Součková.
Copyright \(C) 2012 Jake Guffey. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.